proton updates of 2024
Some awaited updates by proton hit the mailboxes in the last few days.
Some of the changes for good:
Mailbox Upgrade up to 1GB
Cloud Storage Upgrade up to 5GB
Proton Pass Plus $1.99/m (before $4.99/m)
added a new Password Generator
Chances for bad or good, depends security wisely:
Unused Accounts getting deleted after 12 months without any logins.
This starts April 9 2025.
Comments
Today they announced they are "joining forces" with Standard Notes: https://proton.me/blog/proton-standard-notes-join-forces
I do not know this other company but it sounds like an encrypted notes kinda thing, so that could be a nice addition to their profile. However, it really needs to be implemented into their existing suite, instead of continuing to run separately -- their acquisition of SimpleLogin forever ago is still run mostly like a separate thing, which is discouraging, as it would add a lot if they just integrated it.
What does SimpleLogin do?
Basically an email alias service, so you can have like [email protected] instead of giving your real email to a site, helps prevent spam and hides your real email in case of a leak.
https://proton.me/blog/hide-my-email-aliases
I like ProtonMail because email can be used with Tor.
It requires you to enable Javascript and WASM, it can be used for de-anonymizing you and making it significantly easier.
Real Tor privacy focused provider shouldn't require Javascript and work on "Safest" mode in Tor Browser. Many of them used squirrelmail but due to it being unmaintained and often exploitable, many providers such as Riseup ditched it.
Proton is great for general use, but I would never count on it in terms of privacy. What they currently do, acquiring tools such as Simplelogin feels like something a fed honeypot would do. They want you to store everything confidential and private with them, you got email(that they are able to read), you got vpn(that they are able to log), you got password manager, you got drive, you got aliasing(that they can link back to you and save messages), and now you got notes.
Putting so much trust in a single provider with questionable past is a no go for me. There is so many attack vectors that can be exploited, you pretty much only have to trust their word on everything.
For those unfamiliar, Proton was involved in things like illegal server hijacking of an alleged "phishing" page and tried to bribe people to delete evidence from Twitter.
https://www.vice.com/en/article/qvvke7/email-provider-protonmail-says-it-hacked-back-then-walks-claim-back
There is so much more to it than just that, but I don't have time to dig it up. All I want to say, what they are doing puts their users at risk even more than using conventional providers and separating everything.
They have integrated it in to Protonmail client itself, its called "Hide-my-email aliases", https://proton.me/support/addresses-and-aliases
And you can also login with Proton on Simplelogin website, aliases generated in Protonmail client are separate from those on Simplelogin.
This acquisition was more of obtaining monopoly and having access to more people than anything, the concept is extremely simple and their implementation in Protonmail app is probably different from Simplelogin's.
They want to be aknowledged everywhere as the safest and most useful host with good prices, but the look from outside can change rapidly if they start to buyout other services and invert them to their own usage.
Which emails cannot be used with Tor?
Standard notes is quote good. I had once bungled encrypting keys, but had slightly dated backup… would recommend it
Instead of simple login, I prefer firefox relay. Apple also had aliases for paid i loud but I am loathe to use them.
Protonmail is quite decent, the 1 gb bump for email…. Haven’t used even 800 mb from my 2004 gmail account. Storage is fine, real value add might be say onlyoffice integration as Murena does. But depends on ones needs ultimately
———-
blog | exploring visually |
That's my frustration though -- it's still completely separate from SimpleLogin, not integrated. I absolutely love Proton as a company, I'm a paying customer (MailPlus only though), and will wholeheartedly say that they make a lot of improvements every year. But it's almost a trope to point out how they half-ass certain features. Here's an example of what I mean with the SL integration:
If I have aliases already created in SimpleLogin, I can't manage them in ProtonMail. And if I create some in ProtonMail, I can't manage them from SimpleLogin. Plus, if you do create one in the ProtonMail sidebar, you can't even actually manage it there, but rather have to open ProtonPass instead. But ProtonPass doesn't show my other Proton addresses (like not even the [email protected] and [email protected] variants) that I have setup in ProtonMail. I personally don't use ProtonPass, for the eggs-in-one-basket reasoning, and use BitWarden instead. BitWarden has a SimpleLogin integration for their API, but of course, everything that I generate that way is only seen in SimpleLogin, not ProtonMail (nor ProtonPass). And hey, let's say I do decide to switch to ProtonPass instead, let me upgrade my service to be the paid version for unlimited aliases -- oh wait, because I already subscribe to ProtonMail, I can't pay the standard $1.99/month ProtonPass premium, I can only upgrade to ProtonUnlimited, which given my preference to avoid the eggs-in-one-basket situation, is even more problematic, plus would cost me more like $5-6 more each month (since it adds more than just the Pass features). But if I upgrade to SimpleLogin premium instead, (which I am literally ready to do the moment I can use it in ProtonMail) then my ProtonMail still can't use unlimited aliases, and I'm stuck with the limits from MailPlus (which is like 10 I think offhand).
What gets me is that it's like a two-steps-forward, one-step-back approach with everything they release. The recent change to be able to make aliases within ProtonMail itself is amazing. But why can't we manage them there? And why didn't they just make it show/use the same ones from SimpleLogin, which I log into with my Proton account? I pay for their service partially because I use the Plus benefits, but in reality I do it because I want the company to keep improving as I think their mission is important. I'm excited about the new acquisition because in theory, encrypted notes is a nice addition, and makes perfect sense, I just hope the integration is decent!